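/**
 * Gate for a secret (password-protected) post.
 *
 * The viewer gets through when the session's secret-cookie string already
 * records this post ("$table_$uid_"), when the viewer is the post's author
 * ($v_LogId equals $dbid), or when the viewer is root or admin. In every
 * other case putErrPage() is called with error message 4.
 *
 * The author comparison is done on string values with strict equality so
 * that numeric-looking ids such as "01" and "1" are not treated as the same
 * member, which the loose != comparison would do.
 *
 * @param string     $gCookie session string listing already unlocked posts
 * @param string|int $uid     post id
 * @param string     $dbid    member id of the post's author
 * @return void
 */
function isSecretPass($gCookie, $uid, $dbid) {
    global $isRoot, $isAdmin, $v_LogId, $table;

    // Token recorded in the cookie for this post.
    // NOTE(review): a plain substring test has no left boundary, so a table
    // name that is a suffix of another one would also match — confirm how
    // the cookie string is assembled before relying on this.
    $token = $table . '_' . $uid . '_';
    if (strpos((string) $gCookie, $token) !== false) {
        return; // already unlocked in this session
    }

    // Author of the post may always read it.
    if ($v_LogId && (string) $v_LogId === (string) $dbid) {
        return;
    }

    if (!$isRoot && !$isAdmin) {
        putErrPage(getErrorMsg(4));
    }
}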
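<?php
/*
 * Page bootstrap: starts the session, loads the DB settings and driver,
 * opens the connection, resolves the logged-in member and pulls in the
 * header/footer skin plus the search module.
 *
 * Array keys are written as quoted strings; the bare forms ($DB[kind],
 * $skin[head]) are undefined constants and raise an Error on PHP 8.
 */
session_start();

include './conf/db_info.php';
include './conf/db/' . $DB['kind'] . '.php';
include './lib/init_check.php';

// Both checks rely on putErrPage() ending the request; that is not verified here.
$DB_CONNECT = isConnectDb($DB['host'], $DB['user'], $DB['pass']);
$DB_USEMYDB = isSelecteDb($DB['name'], $DB_CONNECT);
if (!$DB_CONNECT) {
    putErrPage(getErrorMsg(0));
}
if (!$DB_USEMYDB) {
    putErrPage(getErrorMsg(1));
}

include './conf/root_info.php';
include './conf/member_info.php';

$initTime = getNowTimes();

// Member record of the current login; the session entry is null when nobody
// is logged in. $_SESSION is the superglobal form of $HTTP_SESSION_VARS.
$sessionLogId = isset($_SESSION['KimsLogId']) ? $_SESSION['KimsLogId'] : null;
$MEMBER = getMemberLog($sessionLogId, 1, $DB_CONNECT);
$v_LogId = isset($MEMBER['MB_ID']) ? $MEMBER['MB_ID'] : null;
$isRoot = getIsRoot();
$isAdmin = 0;

// Skin names fall back to 'default' when not configured.
$skin['head'] = !empty($skin['head']) ? $skin['head'] : 'default';
$skin['foot'] = !empty($skin['foot']) ? $skin['foot'] : 'default';
$HeadImg = './template/header/' . $skin['head'] . '/image';
$FootImg = './template/footer/' . $skin['foot'] . '/image';
$SearImg = './lib/module/search/image';

include './lib/module/search/func.php';
// The @ silences the warning when an optional skin/module file is absent.
@(include './template/header/' . $skin['head'] . '/header.php');
include './lib/init_open.php';
@(include './lib/module/search/search.php');
@(include './bbs/lib/include/inline/hidden.php');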
} // closes a block that opens before this excerpt
// Post view: permission flags, the record for $uid, the secret-post gate,
// the hit counter, and the argument strings handed to the download/modify/
// delete JavaScript handlers.
// NOTE: bare array keys ($bbs[ViewPm], $RCD[BB_UID]) are undefined
// constants — PHP 8 raises an Error on them.
$ViewPerm = getEnterPerm($bbs[ViewPm], "", true, true);
if (!$ViewPerm) { putErrPage(getErrorMsg(2)); }
$WritePerm = getEnterPerm($bbs[WritePm], "", true, true);
if (!$WritePerm) { $Wauth = "none"; }
$ReplyPerm = getEnterPerm($bbs[ReplyPm], "", true, true);
if (!$ReplyPerm) { $Rauth = "none"; }
// $uid is interpolated into the query as-is; if it originates from the
// request it must be validated or escaped before this line — TODO confirm source.
$RCD = db_fetch_array(db_query("SELECT * FROM kimsbod7_{$table}_dat WHERE BB_UID='{$uid}'", $DB_CONNECT));
if (!$RCD[BB_UID]) { putErrPage(getErrorMsg(3)); }
// Secret posts: isSecretPass() lets the author, root/admin, or a session
// that already unlocked the post through; otherwise it calls putErrPage().
if ($RCD[BB_SECRET]) { isSecretPass($HTTP_SESSION_VARS[kimsboard7_secr], $RCD[BB_UID], $RCD[BB_MB_ID]); }
putReadCount($table, $uid, $HTTP_SESSION_VARS[kimsboard7_view], $bbs[HowCount]);
// Download handler arguments: enabled,'files',count,downloads,'table',uid,'skin'[,'links'].
$gvDownJsQue = "0,0,0,0,0,0,0";
if ($RCD[BB_FILE] || $RCD[BB_LINK]) {
    $Enable_Down = getEnterPerm($bbs[DownloadPm], $RCD[BB_MB_ID], $RCD[BB_FILE], $RCD[BB_LINK]);
    $gvUpfileStr = $Enable_Down ? getMultiFileStr($RCD[BB_FILE], "./bbs/table/" . $table . "/upload") : '';
    $gvUpfileNum = getMultiFileNum($RCD[BB_FILE]) + getMultiFileNum($RCD[BB_LINK]);
    // Values are placed between single quotes without any escaping; a quote
    // inside a stored file or link name breaks (or alters) the generated script.
    $gvDownJsQue = $Enable_Down . ",'" . $gvUpfileStr . "'," . $gvUpfileNum . "," . $RCD[BB_DOWN] . ",'" . $table . "'," . $RCD[BB_UID] . ",'" . $bbs[Skin] . "'";
    $gvDownJsQue = $Enable_Down ? $gvDownJsQue . ",'" . $RCD[BB_LINK] . "'" : $gvDownJsQue . ",''";
}
// Modify/delete handler arguments; same unescaped quoting as above.
$gvModifyQue = "'modify'," . $isRoot . "," . $isAdmin . ",'" . $v_LogId . "','" . $RCD[BB_MB_ID] . "','" . $RCD[BB_UID] . "','',event";
$gvDeleteQue = "'delete'," . $isRoot . "," . $isAdmin . ",'" . $v_LogId . "','" . $RCD[BB_MB_ID] . "','" . $RCD[BB_UID] . "','',event";
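/*
 * List-view setup: the column names shown per row, the board's title and
 * column settings, and the permission flags for list/view/write/reply.
 * Array keys are quoted; the bare forms ($bbs[add_field]) are undefined
 * constants and raise an Error on PHP 8.
 */
// Columns in display order. The empty entries are slots with no backing
// column; what they render is decided by the consumer, not here.
$Field_Arr = array("BB_PID", "", "", "", "BB_SUBJECT", "BB_NAME", "BB_HIT", "BB_REQ", "BB_DOWN", "BB_UID", "BB_HOME_URL", "BB_PREVIEW", "BB_IP", "BB_AGENT", "BB_ADD");

// Up to ten extra columns from the board's add_field setting: comma-separated
// entries of the form "a|b"; the part after "|" is appended to the column list.
$addarr = explode(',', (string) $bbs['add_field']);
for ($k = 0; $k < 10; $k++) {
    if (!isset($addarr[$k])) {
        break; // fewer than ten entries configured
    }
    $addarrexp = explode('|', trim($addarr[$k]));
    if (!$addarrexp[0]) {
        continue; // empty entry
    }
    // null when the entry carries no "|" separator
    $Field_Arr[] = isset($addarrexp[1]) ? $addarrexp[1] : null;
}

$Title_Arr = explode(',', (string) $bbs['sbjstr']);
$Title_Num = count($Title_Arr);
$Seted_Arr = explode(',', (string) $bbs['sbjset']);
$Seted_Num = count($Seted_Arr);

// Permission gate: without list permission putErrPage() is called (assumed
// to end the request); missing view/write/reply permission only sets a flag
// presumably consumed by the template.
$ListPerm = getEnterPerm($bbs['ListPm'], "", true, true);
if (!$ListPerm) {
    putErrPage(getErrorMsg(2));
}
$ViewPerm = getEnterPerm($bbs['ViewPm'], "", true, true);
if (!$ViewPerm) {
    $Vauth = "disabled";
}
$WritePerm = getEnterPerm($bbs['WritePm'], "", true, true);
if (!$WritePerm) {
    $Wauth = "none";
}
$ReplyPerm = getEnterPerm($bbs['ReplyPm'], "", true, true);
if (!$ReplyPerm) {
    $Rauth = "none";
}

// Presumably the uids of notice posts, from the board setting.
$LimitArr = explode(',', trim((string) $bbs['NoticeUid']));

// Rows per page: a caller-supplied $grecnum is honoured only as a positive
// integer below 200; anything else falls back to the board default. The int
// cast keeps non-numeric input out of any LIMIT clause built from it later.
$grecnumInt = isset($grecnum) ? (int) $grecnum : 0;
$recnum = ($grecnumInt > 0 && $grecnumInt < 200) ? $grecnumInt : $bbs['recnum'];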
echo "</script>"; exit; } // closes a block that opens before this excerpt
// Download check
// Referer gate: the Referer header is client-supplied and easily omitted
// or forged, and strstr() accepts the host name anywhere in the URL before
// "?", not only as its host part. Treat it as a hotlink deterrent, not as
// access control. $HTTP_REFERER/$HTTP_HOST are the register_globals-era
// names of the $_SERVER entries.
$refer_exp = explode('?', $HTTP_REFERER);
if (!$HTTP_REFERER || !strstr($refer_exp[0], $HTTP_HOST)) { getAlertMsg(getErrorMsg(2)); }
// Count the download on the post ('dat') or comment ('rpl') row. $uid is
// concatenated into SQL unescaped — TODO confirm it is validated upstream.
// Both branches assume getAlertMsg() ends the request.
if ($where == 'dat') {
    if (!getEnterPerm($bbs[DownloadPm], "", true, true)) { getAlertMsg(getErrorMsg(2)); }
    db_query("UPDATE kimsbod7_" . $table . "_dat SET BB_DOWN=BB_DOWN+1 WHERE BB_UID='" . $uid . "'", $DB_CONNECT);
} else {
    if (!getEnterPerm($bbs[CmtDownPm], "", true, true)) { getAlertMsg(getErrorMsg(2)); }
    db_query("UPDATE kimsbod7_" . $table . "_rpl SET RP_DOWN=RP_DOWN+1 WHERE RP_UID='" . $uid . "'", $DB_CONNECT);
}
$Down_Path = $dtype == 'up' ? "./bbs/table/" . $table . "/upload/" : "";
$Inline_Q1 = "gif,jpg,jpeg,png,bmp"; // extensions opened in the image viewer
$Inline_Q2 = "html,php3,asp,jsp,cgi,xml"; // not referenced within this excerpt
if ($dtype == 'up') {
    // $file is joined to the upload directory without rejecting ".." or
    // slash segments — TODO confirm it is validated before this point.
    $Fullfile = $Down_Path . $file;
    $File_spl = explode('.', $file);
    $File_Ext = strtolower(array_pop($File_spl));
    // strstr() is a substring test on the list, so partial extensions such
    // as "jp" or "g" also match; an exact comparison against the list items
    // would be stricter.
    if (strstr($Inline_Q1, $File_Ext)) {
        $que_file = "./bbs/lib/module/imgview/image.php?image=" . urlencode("../../../table/" . $table . "/upload/" . $file);
        echo "<script>window.open('" . $que_file . "','imagewin','left=0,top=0,width=100,height=100');</script>";
        exit;
    }
<?php
// Post deletion: checks the post password through getPassCheck(), re-keys
// the board's key table, then removes attachments, comments and the post
// row. The block continues beyond this excerpt.
// NOTE: bare array keys ($UID_DATA[BB_PASS]) are undefined constants (Error
// on PHP 8), and every query below concatenates $uid or DB values into SQL
// unescaped — TODO confirm $uid is validated before this file is included.
if (!$uid) { putErrPage(getErrorMsg(3)); }
$UID_DATA = db_fetch_array(db_query("SELECT * FROM kimsbod7_" . $table . "_dat WHERE BB_UID='{$uid}'", $DB_CONNECT));
// Password gate: getPassCheck() receives the submitted password, the stored
// one and the author id (presumably an owner bypass — confirm). Assumes
// putErrPage() terminates the request; otherwise the deletes below still run.
if (!getPassCheck($COMP_PASS, $UID_DATA[BB_PASS], $UID_DATA[BB_MB_ID])) { putErrPage(getErrorMsg(4)); }
// Key rows whose PID is at or below this post's PID, highest key first.
$KEY_UPDATE = db_query("SELECT * FROM kimsbod7_" . $table . "_key WHERE KY_PID <= " . $UID_DATA[BB_PID] . " ORDER BY KY_KEY DESC", $DB_CONNECT);
// Lowest PID in the table: lower bound of the first search range.
$ROW_DATA = db_fetch_array(db_query("SELECT MIN(BB_PID) FROM kimsbod7_" . $table . "_dat", $DB_CONNECT));
$NKEY = $ROW_DATA[0];
while ($KEY = db_fetch_array($KEY_UPDATE)) {
    // Highest BB_PID in [$NKEY, KY_PID) becomes the key's new PID; a key with
    // no post in its range is dropped.
    $DEL_QUE = "SELECT BB_PID FROM kimsbod7_" . $table . "_dat ";
    $DEL_QUE .= "WHERE BB_PID >= {$NKEY} AND BB_PID < " . $KEY[KY_PID] . " ORDER BY BB_PID DESC LIMIT 0,1";
    $UKEY = db_fetch_array(db_query($DEL_QUE, $DB_CONNECT));
    $NKEY = $KEY[KY_PID];
    if ($UKEY[BB_PID]) {
        db_query("UPDATE kimsbod7_" . $table . "_key SET KY_PID='" . $UKEY[BB_PID] . "' WHERE KY_KEY='" . $KEY[KY_KEY] . "'", $DB_CONNECT);
    } else {
        db_query("DELETE FROM kimsbod7_" . $table . "_key WHERE KY_KEY='" . $KEY[KY_KEY] . "'", $DB_CONNECT);
    }
}
// Attachments of every comment, then of the post, then the rows themselves.
$CMT_DATA = db_query("SELECT * FROM kimsbod7_" . $table . "_rpl WHERE RP_PARENT='{$uid}'", $DB_CONNECT);
while ($CMT = db_fetch_array($CMT_DATA)) { getUpfileDelete($CMT[RP_FILE], $table); }
getUpfileDelete($UID_DATA[BB_FILE], $table);
db_query("DELETE FROM kimsbod7_" . $table . "_dat WHERE BB_UID='" . $uid . "'", $DB_CONNECT);
db_query("DELETE FROM kimsbod7_" . $table . "_rpl WHERE RP_PARENT='" . $uid . "'", $DB_CONNECT);
// The rec_give branch is not closed within this excerpt.
if ($bbs[rec_give]) {
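/**
 * Builds the "My Profile" popup for the logged-in user and returns it as JSON.
 *
 * Loads the profile through getDataProfile(), reads the user's language
 * preference from the ACL, keeps only the languages that have a .lang file
 * under /usr/share/elastix/lang, renders the profile form template and wraps
 * the HTML in a PaloSantoJSON message. On failure the JSON object carries the
 * error text instead.
 *
 * @param Smarty $smarty      template engine; also receives the popup labels
 * @param string $module_name not used by this handler
 * @return string JSON document from PaloSantoJSON::createJSON()
 */
function handleJSON_getUserProfile($smarty, $module_name)
{
    include_once "libs/paloSantoForm.class.php";
    // Defines $languages: language code => display name (languages Elastix supports).
    include "configs/languages.conf.php";
    header('Content-Type: application/json');

    global $arrConf;

    $arrCredentials = getUserCredentials($_SESSION['elastix_user']);
    $error_msg = '';
    $archivos = array();
    $langElastix = array();
    $ERROR = '';

    $pDB = new paloDB($arrConf['elastix_dsn']["elastix"]);
    $pACL = new paloACL($pDB);
    $jsonObject = new PaloSantoJSON();

    $dataProfile = getDataProfile($pDB, $ERROR);
    if ($dataProfile === FALSE) {
        $smarty->assign("MSG_ERROR_FIELD", getErrorMsg());
        $jsonObject->set_error(getErrorMsg());
        return $jsonObject->createJSON();
    }
    $extension = "{$dataProfile['exten']}/{$dataProfile['device']}";

    // Only offer languages whose translation file exists on disk. A failed
    // directory listing is reported through $error_msg and leaves $archivos
    // empty, so the language list is simply empty (best effort).
    leer_directorio("/usr/share/elastix/lang", $error_msg, $archivos);
    if (count($archivos) > 0) {
        foreach ($languages as $langCode => $langName) {
            if (in_array("{$langCode}.lang", $archivos, true)) {
                $langElastix[$langCode] = $langName;
            }
        }
    }

    $selectedLanguage = $pACL->getUserProp($arrCredentials['idUser'], "language");
    if ($selectedLanguage === FALSE) {
        $jsonObject->set_error(_tr("Invalid Language"));
        return $jsonObject->createJSON();
    }

    // Labels and values read by the popup template.
    $smarty->assign("TITLE_POPUP", _tr("My Profile "));
    $smarty->assign("SAVE_POPUP", _tr("Save changes"));
    $smarty->assign("CHANGE_PASSWD_POPUP", _tr("Change Password"));
    $smarty->assign("userProfile_label", _tr("User"));
    $smarty->assign("userProfile", $dataProfile['username']);
    $smarty->assign("extenProfile_label", _tr("Extension"));
    $smarty->assign("extenProfile", $extension);
    $smarty->assign("faxProfile_label", _tr("Fax"));
    $smarty->assign("faxProfile", $dataProfile['fax_extension']);
    $smarty->assign("nameProfile", $dataProfile['name']);
    $smarty->assign('ID_PICTURE', $arrCredentials['idUser']);
    $smarty->assign('DeleteImage', _tr('Delete Image'));
    $dataProfile['languageProfile'] = $selectedLanguage;

    $arrFormFilter = createProfileForm($langElastix);
    $oFilterForm = new paloForm($smarty, $arrFormFilter);
    $htmlFilter = $oFilterForm->fetchForm("/var/www/html/web/themes/elastix3/_common/profile_uf.tpl", _tr('My Profile'), $dataProfile);

    // Nothing was set on $jsonObject on this path, so it can carry the message.
    $jsonObject->set_message($htmlFilter);
    return $jsonObject->createJSON();
}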
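<?php
/*
 * Photo upload handler: checks the uploaded file, stores it under
 * ./data/images/ with a random name, and leaves $username, $imagename and
 * $imagepath for the steps that follow (outside this excerpt).
 */
header('content-type: text/html; charset=utf-8');
require "./include/init.php";
require_once './include/file.func.tool.php';

/* Very large files will cause problems! */

// Without a "file" field there is nothing to check; treat it as
// UPLOAD_ERR_NO_FILE so the project's getErrorMsg() mapping produces the text.
$file = (isset($_FILES['file']) && is_array($_FILES['file']))
    ? $_FILES['file']
    : array('error' => UPLOAD_ERR_NO_FILE);
$name = isset($file['name']) ? (string) $file['name'] : '';
$type = isset($file['type']) ? (string) $file['type'] : '';
$tmpName = isset($file['tmp_name']) ? (string) $file['tmp_name'] : '';

$msg = getErrorMsg($file['error']);
if ($msg) {
    echo "<script> alert('{$msg}'); history.go(-1); </script>";
    exit;
}

// The file name and MIME type are sent by the client and prove nothing about
// the content, so the bytes are inspected too: getimagesize() returns false
// (with a notice, hence the @) for anything that is not a parseable image.
if (!isImageByExt($name) || !isImageByType($type) || $tmpName === '' || @getimagesize($tmpName) === false) {
    echo "<script> alert('照片格式不正确,请检查!'); history.go(-1); </script>";
    exit;
}

$filedir = './data/images/';
// Random target name; only the extension comes from the client's file name,
// and isImageByExt() accepted it above.
$path = mk_dir($filedir) . '/' . randName() . '.' . getfileExt($name);
if (!move_uploaded_file($tmpName, $path)) {
    echo "<script> alert('对不起,服务器繁忙,请稍后再试!'); history.go(-1); </script>";
    exit;
}

$username = isset($_POST['username']) ? trim($_POST['username']) : '';
$imagename = $name;
$imagepath = $path;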